Dec 21 2023 05:38 AM
Hi,
We have a hybrid exchange setup. Our mx-records points to a on-premise third-party anti-spam server. This server sends mails to another internal relay-server who sends it to our on-premise exchange. The on-premise exchange sends mails to exchange-online.
We have enabled "Enhanced Filtering for Connectors", "Automatically detect and skip the last IP address".
Newsletters from our organization with mailchimp are delivered to junk folder (mailchimp is in our SFP record)
Detection technologies: Spoof intra-org
SPF: Pass
Any idea's how we could make sure the mails are delivered in the inbox, without having to all the Ip-ranges from mailchimp to the Spoofed senders Tenant Allow List?
Kind regards,
Jeroen
Dec 21 2023 07:43 AM
Hi @jgeernaert
You are probably using a From Address like @yourdomain.tld as Sender Address.
This means an external Email is coming into the Organization with a Mail From (Envelope) from *mcsv.net
SPF is tested again Mail From. So you do not need to add the SPF Records to your Domain.
Example Mail from Mailchimp
Authentication-Results: spf=pass (sender IP is 198.2.143.227) smtp.mailfrom=mail227.atl291.mcsv.net; dkim=pass (signature was verified) header.d=daszelt.ch;dmarc=bestguesspass action=none header.from=daszelt.ch;compauth=pass reason=109 Received-SPF: Pass (protection.outlook.com: domain of mail227.atl291.mcsv.net designates 198.2.143.227 as permitted sender) receiver=protection.outlook.com; client-ip=198.2.143.227; helo=mail227.atl291.mcsv.net; pr=C
Now the From is from one of your Accepted Domains > That looks like spoofing
From: =?utf-8?Q?DAS=20ZELT?= <email address removed for privacy reasons>
Reply-To: =?utf-8?Q?DAS=20ZELT?= <email address removed for privacy reasons>
To: <email address removed for privacy reasons> Date: Sat, 16 Dec 2023 13:18:55 +0000
Workaround:
Use a Subdomain as Sender in Mailchimp like @newsletter.domain.tld
Regards
Andres
Dec 22 2023 02:25 AM